Bug: Change password of a user without auth mechanism set (#9965)

* Bug: Change password of a user without auth mechanism set * Fix same issue for validating password
2025-09-06 15:43:04 +00:00 · 2023-01-27 18:57:51 +01:00 · 2023-01-27 18:57:51 +01:00 · 813d2c4fe6
commit 813d2c4fe6
parent 72912d75a4
1 changed files with 13 additions and 0 deletions
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/BasicAuthenticator.java
@ -248,6 +248,14 @@ public class BasicAuthenticator implements AuthenticatorHandler {

    // Fetch user
    User storedUser = userRepository.getByName(uriInfo, userName, userRepository.getFieldsWithUserAuth("*"));
+
+    // when basic auth is enabled and the user is created through the API without password, the stored auth mechanism
+    // for the user is null
+    if (storedUser.getAuthenticationMechanism() == null) {
+      storedUser.setAuthenticationMechanism(
+          new AuthenticationMechanism().withAuthType(BASIC).withConfig(new BasicAuthMechanism().withPassword("")));
+    }
+
    BasicAuthMechanism storedBasicAuthMechanism =
        JsonUtils.convertValue(storedUser.getAuthenticationMechanism().getConfig(), BasicAuthMechanism.class);

@ -431,6 +439,11 @@ public class BasicAuthenticator implements AuthenticatorHandler {
  }

  public void validatePassword(User storedUser, String reqPassword) throws TemplateException, IOException {
+    // when basic auth is enabled and the user is created through the API without password, the stored auth mechanism
+    // for the user is null
+    if (storedUser.getAuthenticationMechanism() == null) {
+      throw new AuthenticationException(INVALID_USERNAME_PASSWORD);
+    }
    @SuppressWarnings("unchecked")
    LinkedHashMap<String, String> storedData =
        (LinkedHashMap<String, String>) storedUser.getAuthenticationMechanism().getConfig();